Metro Bank PLC

OB Standards

Implement Open Data v2.2	TBC
Implement Read/Write API Specification v3.1	TBC
Implement Customer Experience Guidelines v1.1	TBC
Implement App-to-App Redirection	TBC
Implement OB Security Profile Implementer's Draft v1.1.2	TBC
Implement FAPI Profile Implementers Draft 2	TBC
Implement CIBA Profile Implementers Draft 1	N/A
Implement Dynamic Client Registration v1.1	TBC
Implement Dynamic Client Registration v3.1	TBC
Decommission Read/Write API Specification v1.x/2.x	13 Mar 2020
Decommission OB Security Profile Implementer's Draft v1.x	TBC

Method of Identification

Commence support for eIDAS QWAC certificates	13 Mar 2020
Commence support for eIDAS QSEAL certificates	N/A
Commence support for OBIE QWAC-like certificates	N/A
Commence support for OBIE QSEAL-like certificates	N/A
Cease support for OBIE non eIDAS-like certificates for transport	N/A
Cease support for OBIE non eIDAS-like certificates for signing	N/A
Support for MTLS token endpoint authentication	13 Mar 2020
Support for private_key_jwt token endpoint authentication	13 Mar 2020
Cease support for client id and client secret token endpoint authentication	TBC

Post Brexit Certificate Implementation

PRE-BREXIT - Certificates Accepted (until 31st Dec 2020)	eIDAS QWAC eIDAS QSealC OB legacy (obtransport, obsigning) OBWAC OBSeal Other (Please define)
POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021)	eIDAS QWAC eIDAS QSealC OB legacy (obtransport, obsigning) OBWAC OBSeal Other (Please define)
POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)	eIDAS QWAC eIDAS QSealC OB legacy (obtransport, obsigning) OBWAC OBSeal Other (Please define)
Planned Implementation Date to Satisfy FCA's Post Transition	From 10/12/2020, Metro Bank will accept OBWAC certificates in our Test Facility. From 01/01/2021 we will accept OBWAC certificates in Production.
TPP PSU Migration Outcomes Supported	N/A
POST-BREXIT Certificate Implementation Status (updated by OBIE IES team)	PLANNED	ASPSP accept eIDAS certs and working towards accepting OB certs(OBWAC/OBSeal)

Implementation

Directory?	MCI
Location of Well Known Endpoints?	N/A
API Standard Implemented?	N/A
Name of Account Holder Implementation Date?	N/A
Date of Current eIDAS Implementation?	12 Mar 2020	eIDAS
Current Certificates used for Identification?	QWAC
Current Certificates used for Transport?	QWAC
Current Certificates used for Signing?	QWAC
Date of Future eIDAS Implementation?	No future update currently planned.
Future Certificates used for Identification?
Future Certificates used for Transport?
Future Certificates used for Signing?
Major Milestones	Metro will be delivering our Modified Customer Interface (MCI) as our long term TPP access solution on 12^th March 2020. To be compliant with the PSD2 regulations we will be using eIDAS (QWAC) certificates to authenticate TPPs and will no longer use OBWAC based authentications. We’d love for you to start using our MCI solution to help bring the Banking Revolution to customers. To register your app to use the MCI, please follow the "Dynamic Client Registration" link. For instructions on how to use the MCI once your app is registered, please follow the "Using the MCI" link. Our MCI Test Facility is already live – you can find loads of useful information on our Developer Portal: developer.metrobankonline.co.uk. We previously let you know that we were developing a suite of APIs as our long term strategic solution. We are no longer working on PSD2 APIs (Account API v1, Account API v3.1.1, Payment API v3.1.1) and intend to use the MCI solution as our TPP access interface for the foreseeable future. Our current v1.0 APIs are being deprecated and will be withdrawn on 12 March 2020.	(Inc Other Products, API Updates, API Deprecations, etc)
Brand(s)	Metro Bank
Security Profile?
Security Profile Certification?
CIBA	No
Using Open Banking as your eIDAS Trust Framework?	Yes
Are you caching the Directory?	No
Transaction IDs	Option 1	Metro Bank provide a Unique, Immutable TransactionID from our core system

Customer Journey

Implementing Customer Experience Guidelines?	Yes
Current CEG Version?
Next CEG Version?
Next Version Implementation Date
Implementing Bespoke User Journeys?	No
Implementing App to App?	No
App to App Implementation Date?	N/A
Options on 90 day re-authentication?	N/A for MCI	The concept of 90 day re-authentication is not applicable to MCI channel
Support Embedded Flow?	No

PSD2

Dispute Management System?	Yes
FCA Adjustment Period - Maintaining Screen Scraping?	N/A
Seeking Fallback Exemption?	No
Adjusted or Fallback Interface?	Yes
Adjusted or Fallback URL?	https://developer.metrobankonline.co.uk/dcr
Contact Email or Phone Number?	psd2support@metrobank.plc.uk
Dev Portal URL?	https://developer.metrobankonline.co.uk/home
Test Facility Implementation Date?	TBC
Production Interface Implementation Date?	TBC
Contingency Measures
Article 10 - Maximum time period after authentication?	N/A
Article 10 - Endpoints exempt of SCA	N/A
Authentication Method - Open Banking Channel (Browser)?	Browser Linking plus Risk Score and Username/Password
Authentication Method - Open Banking Channel (APP)?	N/A
Authentication Method - Private Channel (Browser)?	Browser Linking plus Risk Score and Username/Password
Authentication Method - Private Channel (APP)?	Device Binding and PiN/Device Side Biometric
Authentication Method Implementation Date (Open Banking Channel)?	TBC
Authentication Method Implementation Date (Private Channel)?	TBC
SCA Implementation Date?	TBC
SCA Scope? (will it inhibit non PSD2 accounts)	The scope includes: Customer Logon, Non-exempt payment journeys and high risk journeys for all accounts	Scope of solution only supports Payment Accounts. Non PSD2 accounts are not affected by this implementation.

Key Implementations

High Cost Credit	TBC

After Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header	TBC